CVE-2025-23122 – Node.js ReadFileUtf8 Memory Leak Denial of Service

May 19, 2025

CVE ID : CVE-2025-23122

Published : May 19, 2025, 2:15 a.m. | 32 minutes ago

Description : In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory growth, leading to a denial of service.

Impact:
* This vulnerability affects APIs relying on `ReadFileUtf8` on Node.js release lines: v20 and v22.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-23123 – UBTech UniFi Protect Camera Remote Code Execution Vulnerability

Next Article CVE-2025-4904 – D-Link DI-7003GV2 Information Disclosure Vulnerability

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-23122 – Node.js ReadFileUtf8 Memory Leak Denial of Service

DjVuLibre-lek laat aanvaller code op Linux-desktops uitvoeren

Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros

CVE-2025-5870 – TRENDnet TV-IP121W Web Interface Improper Authentication Vulnerability

This 10-port charging station solved my home office’s biggest issue (and it’s on sale)

How to Work with Queues in TypeScript

Play Ransomware Hacked 900 Organizations, CISA Released TTPs & IOCs

Google just gave its Photos app the feature upgrade it deserves – here’s what’s new

CVE-2025-46339 – FreshRSS Favicon Poisoning Vulnerability

DolphinGemma: How Google AI is helping decode dolphin communication

CVE-2025-27920 – Messenger Directory Traversal Vulnerability

CVE-2025-23122 – Node.js ReadFileUtf8 Memory Leak Denial of Service

Related Posts